[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WIP] DTLS 1.0 preliminary patches

From: Simon Josefsson
Subject: Re: [WIP] DTLS 1.0 preliminary patches
Date: Thu, 30 Jul 2009 13:30:47 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.96 (gnu/linux)

Jonathan Bastien-Filiatrault <address@hidden> writes:

> Nikos Mavrogiannopoulos wrote:
>> specific questions on functionality or purpose let me know...
>>>> Re 0002-Add-DTLS1.0-protocol-entry.patch: This breaks the API.  Can you
>>>> re-order the DTLS addition so it is after GNUTLS_TLS1_2 and add a '=
>>>> 100' after it so there is room for TLS 1.3 etc?  Also, please drop the
>>>> GNUTLS_DTLS1 mapping, I think it helps to be specific about version
>>>> numbers at all places.  I think this patch could be added quickly
>>>> without problem.
>>> Alright, but DTLS1.0 needs to be sandwiched between TLS1.1 and TLS1.2,
>>> mostly for ver < GNUTLS_TLS1_2 checks. Since TLS1.2 is still
>>> experimental, could this breakage be tolerated ? I am wide open for a
>>> suggestions in this case...
>> In general I'd agree with simon that DTLS should be distinct from
>> TLSx.y. For the specific tests maybe we should move those into
>> designated functions such as if (_check_for_feature_xyz(tlsversion)) {
>> ... }. And a more complex matching algorithm will be present there.
> So in _gnutls_finished the ver < GNUTLS_TLS1_2 checks would become
> something like !_gnutls_has_selectable_prf(session) ?
> I suggest putting such functions in gnutls_algorithms.c. Any objections ?

Yes.  We could apply this directly, it makes the code more clear.

> Side note: I have setup a public git repository for your viewing pleasure.
> cgit URL:
> pull URL: git://
> WARNING: the dtls-wip branch is regularly rebased, do not use for any
> permanent merging or cherry-picking.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]